last sync: 2021-Sep-24 16:09:49 UTC

Azure Policy definition

Unattached disks should be encrypted

Name Unattached disks should be encrypted
Azure Portal
Id 2c89a2e5-7285-40fe-afe0-ae8654b92fb2
Version 1.0.0
details on versioning
Category Compute
Microsoft docs
Description This policy audits any unattached disk without encryption enabled.
Mode Indexed
Type BuiltIn
Preview FALSE
Deprecated FALSE
Effect Default: Audit
Allowed: (Audit, Disabled)
Used RBAC Role none
History none
Used in Initiatives
Initiative DisplayName Initiative Id Initiative Category State
[Deprecated]: Azure Security Benchmark v1 42a694ed-f65e-42b2-aa9e-8052e9740a92 Regulatory Compliance Deprecated
[Preview]: CMMC Level 3 b5629c75-5c77-4422-87b9-2509e680f8de Regulatory Compliance Preview
CIS Microsoft Azure Foundations Benchmark v1.1.0 1a5bb27d-173f-493e-9568-eb56638dde4d Regulatory Compliance GA
CIS Microsoft Azure Foundations Benchmark v1.3.0 612b5213-9160-4969-8578-1518bd2a000c Regulatory Compliance GA
HITRUST/HIPAA a169a624-5599-4385-a696-c8d643089fab Regulatory Compliance GA
JSON
{
  "displayName": "Unattached disks should be encrypted",
  "policyType": "BuiltIn",
  "mode": "Indexed",
  "description": "This policy audits any unattached disk without encryption enabled.",
  "metadata": {
    "version": "1.0.0",
    "category": "Compute"
  },
  "parameters": {
    "effect": {
      "type": "String",
      "metadata": {
        "displayName": "Effect",
        "description": "Enable or disable the execution of the policy"
      },
      "allowedValues": [
        "Audit",
        "Disabled"
      ],
      "defaultValue": "Audit"
    }
  },
  "policyRule": {
    "if": {
      "allOf": [
        {
          "field": "type",
          "equals": "Microsoft.Compute/disks"
        },
        {
          "field": "Microsoft.Compute/disks/diskState",
          "equals": "Unattached"
        },
        {
          "anyOf": [
            {
              "field": "Microsoft.Compute/disks/encryptionSettingsCollection.enabled",
              "exists": "false"
            },
            {
              "field": "Microsoft.Compute/disks/encryptionSettingsCollection.enabled",
              "equals": "false"
            }
          ]
        }
      ]
    },
    "then": {
      "effect": "[parameters('effect')]"
    }
  }
}